Questions tagged [standards]

74 questions
3 votes, 1 answer

What is the minimal security standard needed for this type of software product

Actions described in security standards (like ISO 27002, PCI-DSS, HIPAA, Common Criteria) greatly vary according to the domain data that they store, process, transmit and report. We have a product which collects metrics from a network/wifi enabled…
user134083
3 votes, 0 answers

Protocols for transferring access control data

The company I am working for has decided to create an API for a few of the products we create here (we create physical access control solutions, card readers, key storage, intelligent door locks and stuff). The problem is management does not exactly…
Vincent
2 votes, 1 answer

Security requirements for small tax software business

I have a client who does payroll and taxes and is looking for a web app to easily communicate and transfer tax related documents for clients. I would assume that the IRS or someone would have some standard on how this type of data should be handled.…
2 votes, 1 answer

What does a TPM have in common with smart cards?

The title really says it all. I'm starting to dig a little bit into computer security and from what I've watched or from what I have read in books or articles there's always a mention of basic smart cards (e.g. Chapter 3, “Scenarios for Using TPM…
T. Maxx
2 votes, 1 answer

Is AES the recommended symmetric cipher for production level software?

I was considering developing an application level software for file encryption after stress testing many of my implementations of popular symmetric ciphers. I would love to support multiple algorithms like AES (GCM / CBC / CTR), XChaCha20-Poly1305…
Vivekanand V
2 votes, 1 answer

What is a Security Guideline and how does it stand in relation with Standards, Policies, Procedures?

I'm currently working on the definitions section of a paper. Therefore I have to define the term "Guideline" and what its relationship to other terms (Standards, Policies, Procedures) looks like. However, all I can find are some definitions that…
2 votes, 2 answers

Are there currently any standards for Homomorphic encryption?

I am curious if there are any released standards for homomorphic encryption, or computing on encrypted data. Perhaps by NIST, ANSI, or ISO. If not, are there any that are under development right now? If you have any estimates for a time frame about…
2 votes, 2 answers

What security standards apply to physical security for an infosec office

I'm looking for actual specific standards that apply to physical access control for Information Security office space. Long story short, our building manager wants an open office concept, and in order to argue this, my boss wants some specific…
IBUS
2 votes, 2 answers

Cryptography best practices standard

I have been searching for some standards about cryptography best practices. I have found some articles and books but no official standard. Does a cryptography best practices standard exist?
2 votes, 1 answer

Signature in ECDSA-signed X.509 certificates

I wonder if there is a standard way of encoding the ECDSA-signature in the signature field of an X.509 certificate. As far as I understand, the signature is a tuple of two integers r and s. If the signature uses the prime256v1 curve, each integer…
flipje
2 votes, 2 answers

Are CCEs used anymore?

Obviously CVEs are used extensively for referring to specific vulnerabilities. However, I don't see CCEs referenced very much in regards to configurations. I understand that configuration settings are pretty static, but the CCE page hasn't been…
Silversub
2 votes, 1 answer

Developing Small Business Information Security Standards

I'm looking for some resources and hoping some of you security experts can help. Quick Background: I recently started my first job out of college working at a small organization as a Web Developer. In addition to my development duties I also provide…
2 votes, 0 answers

How should I authenticate a third party's users on my platform?

I'm having trouble finding implementation ideas / guidance / examples for an authentication system that has the following properties: Allows a third party to carry out actions on our platform on behalf of a user. Allows a user of the third…
2 votes, 2 answers

Cybersecurity Server Stack references

I hear a lot of best practices saying that you should have 2 vSphere server stacks: One for Production One for Cybersecurity For example, your enterprise might have a vSphere environment stack that has all your core services (Exchange, DCs,…
Ninjaneer
1 vote, 0 answers

Do you know of a reasonable study on MFA value as a function of the nature of the first factor?

Multi Factor Authentication is obviously a lifesaver for passwords, so things that can easily leak (peeking, guessing, stealing, ...). A second/third/... factor of another kind considerably reduces the risk. This is less obvious for hardware…
WoJ